portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From morci...@apache.org
Subject cvs commit: jakarta-jetspeed/xdocs security.xml
Date Fri, 02 Jan 2004 21:20:11 GMT
morciuch    2004/01/02 13:20:11

  Modified:    .        project.xml
               docs/site security.html
               src/java/org/apache/jetspeed/modules/actions/portlets
                        SecurityUpdateAction.java
               src/java/org/apache/jetspeed/modules/localization
                        JetspeedLocalization_de.properties
                        JetspeedLocalization_el.properties
                        JetspeedLocalization_en.properties
                        JetspeedLocalization_es.properties
                        JetspeedLocalization_fr.properties
                        JetspeedLocalization_it.properties
                        JetspeedLocalization_ja.properties
                        JetspeedLocalization_my.properties
                        JetspeedLocalization_nl.properties
                        JetspeedLocalization_no.properties
                        JetspeedLocalization_pl.properties
                        JetspeedLocalization_pt.properties
                        JetspeedLocalization_tr.properties
               src/java/org/apache/jetspeed/om/registry SecurityAllow.java
                        SecurityEntry.java
               src/java/org/apache/jetspeed/om/registry/base
                        BaseSecurityAllow.java BaseSecurityEntry.java
               src/java/org/apache/jetspeed/services/security/registry
                        RegistryAccessController.java
                        TestAccessController.java
               webapp/WEB-INF/conf registry.xml
               webapp/WEB-INF/templates/vm/portlets/html security-form.vm
               xdocs    security.xml
  Log:
  Added support for groups in registry security constraints (see Bugzilla bug# 25871)
  
  Revision  Changes    Path
  1.28      +7 -0      jakarta-jetspeed/project.xml
  
  Index: project.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/project.xml,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -u -r1.27 -r1.28
  --- project.xml	30 Oct 2003 01:53:17 -0000	1.27
  +++ project.xml	2 Jan 2004 21:20:10 -0000	1.28
  @@ -221,6 +221,13 @@
   			</properties>
   		</dependency>
   		<dependency>
  +			<id>hsqldb</id>
  +			<version>1.7.1</version>
  +			<properties>
  +				<war.bundle.jar>true</war.bundle.jar>
  +			</properties>
  +		</dependency>
  +		<dependency>
   			<id>oro</id>
   			<version>2.0.6</version>
   			<properties>
  
  
  
  1.28      +26 -2     jakarta-jetspeed/docs/site/security.html
  
  Index: security.html
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/docs/site/security.html,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -u -r1.27 -r1.28
  --- security.html	12 Dec 2003 17:54:17 -0000	1.27
  +++ security.html	2 Jan 2004 21:20:10 -0000	1.28
  @@ -631,7 +631,7 @@
   The default Jetspeed security service stores its security constraints in a Jetspeed registry.
   New security constraints are deployed in to Jetspeed as  XREG files.
   They are standalone, high level registry elements like a portlet-entry. 
  -Constraints list the valid roles and users for the constraint, and the action for which 
  +Constraints list the valid roles, groups and users for the constraint, and the action for which 
   we are allowing (granting) access  on the resource.
   The tables below defines the valid attributes and elements of a security entry:
   </p>
  @@ -765,7 +765,7 @@
   </td>
                                   <td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
       <font color="#000000" size="-1" face="arial,helvetica,sanserif">
  -                Defines which role will be granted access for the associated action. If not defined, access is denied to everyone for the associated action.
  +                Defines which role/group/user will be granted access for the associated action. If not defined, access is denied to everyone for the associated action.
               </font>
   </td>
               </tr>
  @@ -806,12 +806,36 @@
                                   <tr>
                           <td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
       <font color="#000000" size="-1" face="arial,helvetica,sanserif">
  +                user
  +            </font>
  +</td>
  +                                <td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
  +    <font color="#000000" size="-1" face="arial,helvetica,sanserif">
  +                Defines the security username required for this security constraint.
  +            </font>
  +</td>
  +            </tr>
  +                                <tr>
  +                        <td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
  +    <font color="#000000" size="-1" face="arial,helvetica,sanserif">
                   role
               </font>
   </td>
                                   <td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
       <font color="#000000" size="-1" face="arial,helvetica,sanserif">
                   Defines the security role required for this security constraint.
  +            </font>
  +</td>
  +            </tr>
  +                                <tr>
  +                        <td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
  +    <font color="#000000" size="-1" face="arial,helvetica,sanserif">
  +                group
  +            </font>
  +</td>
  +                                <td bgcolor="#a0ddf0" colspan="" rowspan="" valign="top" align="left">
  +    <font color="#000000" size="-1" face="arial,helvetica,sanserif">
  +                Defines the security group required for this security constraint.
               </font>
   </td>
               </tr>
  
  
  
  1.5       +13 -2     jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/SecurityUpdateAction.java
  
  Index: SecurityUpdateAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/SecurityUpdateAction.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- SecurityUpdateAction.java	4 Aug 2003 00:00:22 -0000	1.4
  +++ SecurityUpdateAction.java	2 Jan 2004 21:20:10 -0000	1.5
  @@ -75,9 +75,11 @@
   import org.apache.velocity.context.Context;
   
   /**
  - * @author Administrator
  + * This action sets up the template context for managing of security entries in the Turbine database.
    *
  - * 
  + * @author <a href="mailto:jford@apache.org">Jeremy Ford</a>
  + * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a>
  + * @version $Id$
    */
   public class SecurityUpdateAction extends RegistryUpdateAction
   {
  @@ -152,10 +154,12 @@
               Iterator permissionIter = JetspeedSecurity.getPermissions();
               Iterator userIter = JetspeedSecurity.getUsers();
               Iterator roleIter = JetspeedSecurity.getRoles();
  +            Iterator groupIter = JetspeedSecurity.getGroups();
   
               context.put("permissions", iteratorToCollection(permissionIter));
               context.put("users", iteratorToCollection(userIter));
               context.put("roles", iteratorToCollection(roleIter));
  +            context.put("groups", iteratorToCollection(groupIter));
   
               context.put("entry", securityEntry);
           }
  @@ -551,6 +555,13 @@
           {
               allow = new BaseSecurityAllow();
               allow.setRole(allowValue);
  +
  +            securityAccess.getAllows().add(allow);
  +        }
  +        else if (allowType.equals("group"))
  +        {
  +            allow = new BaseSecurityAllow();
  +            allow.setGroup(allowValue);
   
               securityAccess.getAllows().add(allow);
           }
  
  
  
  1.23      +2 -1      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_de.properties
  
  Index: JetspeedLocalization_de.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_de.properties,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -u -r1.22 -r1.23
  --- JetspeedLocalization_de.properties	22 Nov 2003 03:54:58 -0000	1.22
  +++ JetspeedLocalization_de.properties	2 Jan 2004 21:20:10 -0000	1.23
  @@ -254,6 +254,7 @@
   REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
   REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
   REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
  +REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
   
   REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
   REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
  
  
  
  1.16      +1 -0      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_el.properties
  
  Index: JetspeedLocalization_el.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_el.properties,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- JetspeedLocalization_el.properties	22 Nov 2003 03:54:58 -0000	1.15
  +++ JetspeedLocalization_el.properties	2 Jan 2004 21:20:10 -0000	1.16
  @@ -272,6 +272,7 @@
   REGISTRY_EDITOR_SECURITY_ACCESS_USER=\u03a7\u03c1\u03ae\u03c3\u03c4\u03b7\u03c2
   REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=\u03a1\u03cc\u03bb\u03bf\u03c2
   REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=\u0399\u03b4\u03b9\u03bf\u03ba\u03c4\u03ae\u03c4\u03b7\u03c2
  +REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
   
   REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=\u0395\u03bd\u03ad\u03c1\u03b3\u03b5\u03b9\u03b1
   REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=\u03a4\u03cd\u03c0\u03bf\u03c2
  
  
  
  1.44      +2 -1      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_en.properties
  
  Index: JetspeedLocalization_en.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_en.properties,v
  retrieving revision 1.43
  retrieving revision 1.44
  diff -u -r1.43 -r1.44
  --- JetspeedLocalization_en.properties	22 Nov 2003 03:54:58 -0000	1.43
  +++ JetspeedLocalization_en.properties	2 Jan 2004 21:20:10 -0000	1.44
  @@ -283,6 +283,7 @@
   
   REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
   REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
  +REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
   REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
   
   REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
  
  
  
  1.22      +2 -1      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_es.properties
  
  Index: JetspeedLocalization_es.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_es.properties,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- JetspeedLocalization_es.properties	22 Nov 2003 03:54:58 -0000	1.21
  +++ JetspeedLocalization_es.properties	2 Jan 2004 21:20:10 -0000	1.22
  @@ -271,6 +271,7 @@
   REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
   REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
   REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
  +REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
   
   REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
   REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
  
  
  
  1.29      +2 -1      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_fr.properties
  
  Index: JetspeedLocalization_fr.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_fr.properties,v
  retrieving revision 1.28
  retrieving revision 1.29
  diff -u -r1.28 -r1.29
  --- JetspeedLocalization_fr.properties	22 Nov 2003 03:54:58 -0000	1.28
  +++ JetspeedLocalization_fr.properties	2 Jan 2004 21:20:10 -0000	1.29
  @@ -282,6 +282,7 @@
   REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
   REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
   REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
  +REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
   
   REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
   REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
  
  
  
  1.24      +1 -0      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_it.properties
  
  Index: JetspeedLocalization_it.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_it.properties,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- JetspeedLocalization_it.properties	22 Nov 2003 03:54:58 -0000	1.23
  +++ JetspeedLocalization_it.properties	2 Jan 2004 21:20:11 -0000	1.24
  @@ -280,6 +280,7 @@
   REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
   REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Ruolo
   REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Proprietario
  +REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
   
   REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
   REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Tipo
  
  
  
  1.22      +2 -1      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_ja.properties
  
  Index: JetspeedLocalization_ja.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_ja.properties,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- JetspeedLocalization_ja.properties	22 Nov 2003 03:54:58 -0000	1.21
  +++ JetspeedLocalization_ja.properties	2 Jan 2004 21:20:11 -0000	1.22
  @@ -278,6 +278,7 @@
   REGISTRY_EDITOR_SECURITY_ACCESS_USER=\u30e6\u30fc\u30b6\u30fc
   REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=\u30ed\u30fc\u30eb
   REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=\u30aa\u30fc\u30ca\u30fc
  +REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
   
   REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=\u30a2\u30af\u30b7\u30e7\u30f3
   REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=\u30bf\u30a4\u30d7
  
  
  
  1.16      +1 -0      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_my.properties
  
  Index: JetspeedLocalization_my.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_my.properties,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- JetspeedLocalization_my.properties	22 Nov 2003 03:54:58 -0000	1.15
  +++ JetspeedLocalization_my.properties	2 Jan 2004 21:20:11 -0000	1.16
  @@ -217,6 +217,7 @@
   REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
   REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
   REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
  +REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
   
   REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
   REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
  
  
  
  1.19      +2 -1      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_nl.properties
  
  Index: JetspeedLocalization_nl.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_nl.properties,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- JetspeedLocalization_nl.properties	22 Nov 2003 03:54:58 -0000	1.18
  +++ JetspeedLocalization_nl.properties	2 Jan 2004 21:20:11 -0000	1.19
  @@ -280,6 +280,7 @@
   REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
   REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
   REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
  +REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
   
   REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
   REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
  
  
  
  1.23      +2 -1      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_no.properties
  
  Index: JetspeedLocalization_no.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_no.properties,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -u -r1.22 -r1.23
  --- JetspeedLocalization_no.properties	22 Nov 2003 03:54:58 -0000	1.22
  +++ JetspeedLocalization_no.properties	2 Jan 2004 21:20:11 -0000	1.23
  @@ -290,6 +290,7 @@
   REGISTRY_EDITOR_SECURITY_ACCESS_USER=Bruker
   REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Rolle
   REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Eier
  +REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
   
   REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Aksjon
   REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
  
  
  
  1.15      +2 -1      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_pl.properties
  
  Index: JetspeedLocalization_pl.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_pl.properties,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- JetspeedLocalization_pl.properties	22 Nov 2003 03:54:58 -0000	1.14
  +++ JetspeedLocalization_pl.properties	2 Jan 2004 21:20:11 -0000	1.15
  @@ -309,6 +309,7 @@
   REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
   REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
   REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
  +REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
   
   REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
   REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
  
  
  
  1.2       +1 -0      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_pt.properties
  
  Index: JetspeedLocalization_pt.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_pt.properties,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- JetspeedLocalization_pt.properties	26 Nov 2003 17:18:05 -0000	1.1
  +++ JetspeedLocalization_pt.properties	2 Jan 2004 21:20:11 -0000	1.2
  @@ -272,6 +272,7 @@
   REGISTRY_EDITOR_SECURITY_ACCESS_USER=User
   REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Role
   REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Owner
  +REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
   
   REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Action
   REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Type
  
  
  
  1.14      +1 -0      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_tr.properties
  
  Index: JetspeedLocalization_tr.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/localization/JetspeedLocalization_tr.properties,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- JetspeedLocalization_tr.properties	22 Nov 2003 03:54:58 -0000	1.13
  +++ JetspeedLocalization_tr.properties	2 Jan 2004 21:20:11 -0000	1.14
  @@ -286,6 +286,7 @@
   REGISTRY_EDITOR_SECURITY_ACCESS_USER=Kullan\u0131c\u0131
   REGISTRY_EDITOR_SECURITY_ACCESS_ROLE=Rol
   REGISTRY_EDITOR_SECURITY_ACCESS_OWNER=Sahip
  +REGISTRY_EDITOR_SECURITY_ACCESS_GROUP=Group
   
   REGISTRY_EDITOR_SECURITY_ACCESS_ACTION=Aksiyon
   REGISTRY_EDITOR_SECURITY_ACCESS_TYPE=Tip
  
  
  
  1.4       +13 -2     jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/SecurityAllow.java
  
  Index: SecurityAllow.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/SecurityAllow.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- SecurityAllow.java	25 Aug 2002 19:09:41 -0000	1.3
  +++ SecurityAllow.java	2 Jan 2004 21:20:11 -0000	1.4
  @@ -1,7 +1,7 @@
   /* ====================================================================
    * The Apache Software License, Version 1.1
    *
  - * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
  + * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
    * reserved.
    *
    * Redistribution and use in source and binary forms, with or without
  @@ -59,6 +59,7 @@
    *
    * 
    * @author <a href="mailto:paulsp@apache.org">Paul Spencer</a>
  + * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a> 
    * @version $Id$
    */
   public interface SecurityAllow {
  @@ -72,6 +73,16 @@
        * @param role New value of property role.
        */
       public void setRole(String role);
  +
  +	/** Getter for property group.
  +	 * @return Value of property group.
  +	 */
  +	public String getGroup();
  +    
  +	/** Setter for property group.
  +	 * @param role New value of property group.
  +	 */
  +	public void setGroup(String group);
       
       /** Getter for property user.
        * @return Value of property user.
  
  
  
  1.5       +86 -2     jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/SecurityEntry.java
  
  Index: SecurityEntry.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/SecurityEntry.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- SecurityEntry.java	15 Apr 2003 20:44:55 -0000	1.4
  +++ SecurityEntry.java	2 Jan 2004 21:20:11 -0000	1.5
  @@ -1,7 +1,7 @@
   /* ====================================================================
    * The Apache Software License, Version 1.1
    *
  - * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
  + * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
    * reserved.
    *
    * Redistribution and use in source and binary forms, with or without
  @@ -67,6 +67,7 @@
    * 
    * @author <a href="mailto:paulsp@apache.org">Paul Spencer</a>
    * @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a>
  + * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a> 
    * @version $Id$
    */
   
  @@ -155,6 +156,25 @@
        * @return <CODE>true</CODE> if action is allowed for role
        */    
       public boolean allowsRole(String role, String action);
  +
  +	/**
  +	 * Authorizes action for a group
  +	 *
  +	 * @param group requesting action
  +	 * @param action being requested
  +	 * @return <CODE>true</CODE> if action is allowed for role
  +	 */    
  +	public boolean allowsGroup(String group, String action);
  +
  +	/**
  +	 * Authorizes action for a group role
  +	 *
  +	 * @param group requesting action
  +	 * @param role requesting action 
  +	 * @param action being requested
  +	 * @return <CODE>true</CODE> if action is allowed for role
  +	 */    
  +	public boolean allowsGroupRole(String group, String role, String action);
       
       /**
        * Aututhorizes action for a named user
  @@ -196,6 +216,50 @@
            */
           boolean allowsSpecificRole(String action, String role);
   
  +   /**
  +	* Grants access for a specific action to a specific group
  +	* for this SecurityEntry.  This grants specific access ignores
  +	* "*" action, if it exists.
  +	* @param String action The action we are granting access to.
  +	* @param String group The group that will receive access to this action.
  +	* @return boolean Whether or not the access was granted. Basically,
  +	*  a <code>false</code> means that this group already has specific access.
  +	*/
  +    boolean grantGroupAccess(String action, String group);
  +
  +   /**
  +	* Checks whether a group is specifically allowed to access the request action
  +	* This method ignores the "*" action and is here to play a maintenance role.
  +	* @param String action name of action to check
  +	* @param String group name of group to verify access for
  +	* @return boolean whether or not the <code>group</code> has access
  +	* to this specific action.
  +	*/
  +	boolean allowsSpecificGroup(String action, String group);
  +
  +	/**
  +	 * Grants access for a specific action to a specific group role
  +	 * for this SecurityEntry.  This grants specific access ignores
  +	 * "*" action, if it exists.
  +	 * @param String action The action we are granting access to.
  +	 * @param String group The group that will receive access to this action.
  +	 * @param String role The role that will receive access to this action. 
  +	 * @return boolean Whether or not the access was granted. Basically,
  +	 *  a <code>false</code> means that this group role already has specific access.
  +	 */
  +	 boolean grantGroupRoleAccess(String action, String group, String role);
  +
  +	/**
  +	 * Checks whether a group role is specifically allowed to access the request action
  +	 * This method ignores the "*" action and is here to play a maintenance role.
  +	 * @param String action name of action to check
  +	 * @param String group name of group to verify access for
  +	 * @param String role name of group to verify access for
  +	 * @return boolean whether or not the <code>group role</code> has access
  +	 * to this specific action.
  +	 */
  +	 boolean allowsSpecificGroupRole(String action, String group, String role);
  +
           /**
            * Returns the SecurityAccess object for the <code>action</code>
            * requested or null if no specific access is defined for this action.
  @@ -254,4 +318,24 @@
        * was removed.
        */
           boolean revokeRoleAccess(String action, String role);
  +        
  +	/**
  +	 * Removes a group's access to a specific action.
  +	 * @param action Action to remove access from.
  +	 * @param group The group whose access we are revoking.
  +	 * @return boolean Whether or not the access existed and
  +	 * was removed.
  +	 */
  +	boolean revokeGroupAccess(String action, String group);
  +
  +	/**
  +	 * Removes a group role's access to a specific action.
  +	 * @param action Action to remove access from.
  +	 * @param group The group whose access we are revoking.
  +	 * @param role The role whose access we are revoking. 
  +	 * @return boolean Whether or not the access existed and
  +	 * was removed.
  +	 */
  +	boolean revokeGroupRoleAccess(String action, String group, String role);
  +        
   }
  
  
  
  1.4       +20 -1     jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/BaseSecurityAllow.java
  
  Index: BaseSecurityAllow.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/BaseSecurityAllow.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- BaseSecurityAllow.java	25 Aug 2002 19:09:42 -0000	1.3
  +++ BaseSecurityAllow.java	2 Jan 2004 21:20:11 -0000	1.4
  @@ -68,6 +68,9 @@
   {
       /** Holds value of property role. */
       private String role;
  +
  +	/** Holds value of property group. */
  +	private String group;
       
       /** Holds value of property user. */
       private String user;
  @@ -105,6 +108,22 @@
       {
           this.role = role;
       }
  +
  +	/** Getter for property group.
  +	 * @return Value of property group.
  +	 */
  +	public String getGroup()
  +	{
  +		return group;
  +	}
  +    
  +	/** Setter for property group.
  +	 * @param role New value of property group.
  +	 */
  +	public void setGroup(String group)
  +	{
  +		this.group = group;
  +	}
       
       /** Getter for property user.
        * @return Value of property user.
  
  
  
  1.12      +316 -10   jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/BaseSecurityEntry.java
  
  Index: BaseSecurityEntry.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/BaseSecurityEntry.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- BaseSecurityEntry.java	5 Aug 2003 23:20:26 -0000	1.11
  +++ BaseSecurityEntry.java	2 Jan 2004 21:20:11 -0000	1.12
  @@ -1,7 +1,7 @@
   /* ====================================================================
    * The Apache Software License, Version 1.1
    *
  - * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
  + * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
    * reserved.
    *
    * Redistribution and use in source and binary forms, with or without
  @@ -71,6 +71,7 @@
    *
    * @author <a href="mailto:paulsp@apache.org">Paul Spencer</a>
    * @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a>
  + * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a> 
    * @version $Id$
    */
   public class BaseSecurityEntry extends BaseRegistryEntry implements SecurityEntry, java.io.Serializable
  @@ -85,12 +86,20 @@
   
       public static final String ALL_ROLES = "*";
   
  +	public static final String ALL_GROUPS = "*";    
  +
  +	public static final String ALL_GROUP_ROLES = "*";	
  +
       public static final String ALL_USERS = "*";
   
       private static final String OWNER_MAP = "owner";
   
       private static final String ROLE_MAP = "role";
   
  +	private static final String GROUP_MAP = "group";    
  +	
  +	private static final String GROUP_ROLE_MAP = "grouprole";	
  +
       private static final String USER_MAP = "user";
   
       private static transient Object accessMapSync = new Object();
  @@ -197,6 +206,85 @@
           return allow;
       }
   
  +	/**
  +	 * Aututhorizes action for a group.
  +	 *
  +	 * o If the requested action and the action ALL_ACTIONS
  +	 *   do not exist, then return false.
  +	 *
  +	 * o If the requesting role and ALL_GROUP does not exist for the
  +	 *   the action, then return false.
  +	 *
  +	 * @param group requesting action
  +	 * @param action being requested
  +	 * @return <CODE>true</CODE> if action is allowed for group
  +	 */
  +	public boolean allowsGroup(String group, String action)
  +	{
  +		Map allowMap = null;
  +		boolean allow = false;
  +
  +		if (accessMap == null)
  +		{
  +			buildAccessMap();
  +		}
  +
  +		// Checked action
  +		allowMap = (Map) accessMap.get(action);
  +		allow = isInAllowMap(allowMap, GROUP_MAP, group, ALL_GROUPS);
  +		if (allow == true)
  +		{
  +			return allow;
  +		}
  +
  +		// Checked all actions
  +		allowMap = (Map) accessMap.get(ALL_ACTIONS);
  +		allow = isInAllowMap(allowMap, GROUP_MAP, group, ALL_GROUPS);
  +
  +		// Not allowed
  +		return allow;
  +	}
  +
  +	/**
  +	 * Authorizes action for a group role.
  +	 *
  +	 * o If the requested action and the action ALL_ACTIONS
  +	 *   do not exist, then return false.
  +	 *
  +	 * o If the requesting group role and ALL_GROUPS_ROLES does not exist for the
  +	 *   the action, then return false.
  +	 *
  +	 * @param group requesting action
  +	 * @param role requesting action 
  +	 * @param action being requested
  +	 * @return <CODE>true</CODE> if action is allowed for group role
  +	 */
  +	public boolean allowsGroupRole(String group, String role, String action)
  +	{
  +		Map allowMap = null;
  +		boolean allow = false;
  +
  +		if (accessMap == null)
  +		{
  +			buildAccessMap();
  +		}
  +
  +		// Checked action
  +		allowMap = (Map) accessMap.get(action);
  +		allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES);
  +		if (allow == true)
  +		{
  +			return allow;
  +		}
  +
  +		// Checked all actions
  +		allowMap = (Map) accessMap.get(ALL_ACTIONS);
  +		allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES);
  +
  +		// Not allowed
  +		return allow;
  +	}
  +
       /**
        * Aututhorizes action for a named user
        *
  @@ -289,6 +377,53 @@
           }
           return false;
       }
  +
  +	/**
  +	 * Checks whether a group is specifically allowed to access the request action
  +	 * This method ignores the "*" action and is here to play a maintenance role.
  +	 */
  +	public boolean allowsSpecificGroup(String action, String group)
  +	{
  +		SecurityAccess access = (SecurityAccess) getAccess(action);
  +		if (access.getAllAllows() != null)
  +		{
  +			Iterator allAllows = access.getAllows().iterator();
  +			while (allAllows.hasNext())
  +			{
  +				SecurityAllow allow = (SecurityAllow) allAllows.next();
  +				if (allow.getGroup() != null && allow.getGroup().equals(group))
  +				{
  +					return true;
  +				}
  +			}
  +		}
  +		return false;
  +	}
  +
  +	/**
  +	 * Checks whether a group role is specifically allowed to access the request action
  +	 * This method ignores the "*" action and is here to play a maintenance role.
  +	 */
  +	public boolean allowsSpecificGroupRole(String action, String group, String role)
  +	{
  +		SecurityAccess access = (SecurityAccess) getAccess(action);
  +		if (access.getAllAllows() != null)
  +		{
  +			Iterator allAllows = access.getAllows().iterator();
  +			while (allAllows.hasNext())
  +			{
  +				SecurityAllow allow = (SecurityAllow) allAllows.next();
  +				if (allow.getGroup() != null && 
  +					allow.getGroup().equals(group) &&
  +					allow.getRole() != null &&
  +					allow.getRole().equals(role))
  +				{
  +					return true;
  +				}
  +			}
  +		}
  +		return false;
  +	}
       
           /**
           * Checks whether a role is specifically allowed to access the request action
  @@ -375,6 +510,72 @@
   
           return false;
       }
  +
  +	/**
  +	 * Grants access for a specific action to a specific group
  +	 * for this SecurityEntry.  This grants specific access ignores
  +	 * "*" action, if it exists.
  +	 * @param String action The action we are granting access to.
  +	 * @param String group The group that will receive access to this action.
  +	 * @return boolean Whether or not the access was granted. Basically,
  +	 *  a <code>false</code> means that this group already has specific access.
  +	 */
  +	public boolean grantGroupAccess(String action, String group)
  +	{
  +		if (!allowsSpecificGroup(action, role))
  +		{
  +			SecurityAccess access = getAccess(action);
  +			List allows = access.getAllows();
  +			if (allows == null)
  +			{
  +				allows = new Vector();
  +			}
  +
  +			BaseSecurityAllow allow = new BaseSecurityAllow();
  +			allow.setGroup(group);
  +			allows.add(allow);
  +            
  +			buildAccessMap();
  +            
  +			return true;
  +		}
  +
  +		return false;
  +	}
  +
  +	/**
  +	 * Grants access for a specific action to a specific group fole
  +	 * for this SecurityEntry.  This grants specific access ignores
  +	 * "*" action, if it exists.
  +	 * @param String action The action we are granting access to.
  +	 * @param String group The group that will receive access to this action.
  +	 * @param String role The role that will receive access to this action. 
  +	 * @return boolean Whether or not the access was granted. Basically,
  +	 *  a <code>false</code> means that this group role already has specific access.
  +	 */
  +	public boolean grantGroupRoleAccess(String action, String group, String role)
  +	{
  +		if (!allowsSpecificGroupRole(action, group, role))
  +		{
  +			SecurityAccess access = getAccess(action);
  +			List allows = access.getAllows();
  +			if (allows == null)
  +			{
  +				allows = new Vector();
  +			}
  +
  +			BaseSecurityAllow allow = new BaseSecurityAllow();
  +			allow.setGroup(group);
  +			allow.setRole(role);
  +			allows.add(allow);
  +            
  +			buildAccessMap();
  +            
  +			return true;
  +		}
  +
  +		return false;
  +	}
       
       /**
        * Grants access for a specific action to a specific user
  @@ -446,6 +647,83 @@
           return false;
       }
       
  +	/**
  +	 * Removes a group's access to a specific action.
  +	 * @param action Action to remove access from.
  +	 * @param group The group whose access we are revoking.
  +	 * @return boolean Whehter or not the access existed and
  +	 * was removed.
  +	 */
  +	public boolean revokeGroupAccess(String action, String group)
  +	{
  +		if (allowsSpecificGroup(action, group))
  +		{
  +			SecurityAccess access = getAccess(action);
  +			List allows = access.getAllows();
  +			if (allows == null || allows.isEmpty())
  +			{
  +				revokeAccess(action);
  +				return false;
  +			}
  +
  +			for (int i = 0; i < allows.size(); i++)
  +			{
  +				BaseSecurityAllow allow = (BaseSecurityAllow) allows.get(i);
  +				if (allow.getGroup() != null && allow.getGroup().equals(group))
  +				{
  +					allows.remove(i);
  +					if (allows.isEmpty() && access.getOwnerAllows().isEmpty())
  +					{
  +						revokeAccess(action);
  +					}
  +
  +					return true;
  +				}
  +			}
  +		}
  +		return false;
  +	}
  +
  +	/**
  +	 * Removes a group role's access to a specific action.
  +	 * @param action Action to remove access from.
  +	 * @param group The group whose access we are revoking.
  +	 * @param role The role whose access we are revoking. 
  +	 * @return boolean Whether or not the access existed and
  +	 * was removed.
  +	 */
  +	public boolean revokeGroupRoleAccess(String action, String group, String role)
  +	{
  +		if (allowsSpecificGroupRole(action, group, role))
  +		{
  +			SecurityAccess access = getAccess(action);
  +			List allows = access.getAllows();
  +			if (allows == null || allows.isEmpty())
  +			{
  +				revokeAccess(action);
  +				return false;
  +			}
  +
  +			for (int i = 0; i < allows.size(); i++)
  +			{
  +				BaseSecurityAllow allow = (BaseSecurityAllow) allows.get(i);
  +				if (allow.getGroup() != null && 
  +					allow.getGroup().equals(group) &&
  +					allow.getRole() != null &&
  +					allow.getRole().equals(role))
  +				{
  +					allows.remove(i);
  +					if (allows.isEmpty() && access.getOwnerAllows().isEmpty())
  +					{
  +						revokeAccess(action);
  +					}
  +
  +					return true;
  +				}
  +			}
  +		}
  +		return false;
  +	}
       
       /**
       * Removes a user's access to a specific action.
  @@ -557,8 +835,11 @@
       {
           SecurityAllow allowElement = null;
           String role = null;
  +        String group = null;
           Map ownerMap = null; // Map of owner allowed
           Map roleMap = null;  // Map of roles allowed
  +		Map groupMap = null;  // Map of groups allowed        
  +		Map groupRoleMap = null;  // Map of group role allowed		
           Map userMap = null;  // Map of users allowed
           String userName = null;
   
  @@ -573,7 +854,7 @@
               allowElement = (SecurityAllow) allowIterator.next();
               role = null;
               userName = null;
  -
  +			group = null;
   
               // Add Owner
               if (allowElement.isOwner() == true)
  @@ -600,6 +881,31 @@
                   roleMap.put(role, null);
               }
   
  +			// Add Group
  +			group = allowElement.getGroup();
  +			if (group != null)
  +			{
  +				groupMap = (Map) accessMap.get(GROUP_MAP);
  +				if (groupMap == null)
  +				{
  +					groupMap = new HashMap();
  +					accessMap.put(GROUP_MAP, groupMap);
  +				}
  +				groupMap.put(group, null);
  +			}
  +
  +			// Add Group Role
  +			if (group != null && role != null)
  +			{
  +				groupRoleMap = (Map) accessMap.get(GROUP_ROLE_MAP);
  +				if (groupRoleMap == null)
  +				{
  +					groupRoleMap = new HashMap();
  +					accessMap.put(GROUP_ROLE_MAP, groupRoleMap);
  +				}
  +				groupRoleMap.put(group+role, null);
  +			}
  +
               // Add User
               userName = allowElement.getUser();
               if (userName != null)
  @@ -619,9 +925,9 @@
        * Search allow map of user/role or "all user/role"
        *
        * @param allowMap Map of allow-if
  -     * @param mapType ROLE_MAP or USER_MAP
  +     * @param mapType ROLE_MAP or USER_MAP or GROUP_MAP or GROUP_ROLE_MAP
        * @param mapKey role or user to test
  -     * @param allKey ALL_ROLE or ALL_USER
  +     * @param allKey ALL_ROLE or ALL_USER or ALL_GROUP or ALL_GROUP_ROLE
        * @return <CODE>true</CODE> or <CODE>false</CODE>
        */
       private boolean isInAllowMap(Map allowMap, String mapType, String mapKey, String allKey)
  @@ -629,15 +935,15 @@
           boolean allow = false;
           if (allowMap != null)
           {
  -            Map allowRoleMap = (Map) allowMap.get(mapType);
  -            if (allowRoleMap == null)
  +            Map allowTypeMap = (Map) allowMap.get(mapType);
  +            if (allowTypeMap == null)
               {
  -                return allowMap.isEmpty(); // If acction exist and no allows, then grant permission
  +                return allowMap.isEmpty(); // If action exist and no allows, then grant permission
               }
  -            allow = allowRoleMap.containsKey(mapKey);
  +            allow = allowTypeMap.containsKey(mapKey);
               if (allow == false)
               {
  -              allow = allowRoleMap.containsKey(allKey);
  +              allow = allowTypeMap.containsKey(allKey);
               }
               return allow;
           }
  
  
  
  1.8       +14 -6     jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/RegistryAccessController.java
  
  Index: RegistryAccessController.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/RegistryAccessController.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- RegistryAccessController.java	23 Jul 2003 19:50:24 -0000	1.7
  +++ RegistryAccessController.java	2 Jan 2004 21:20:11 -0000	1.8
  @@ -1,7 +1,7 @@
   /* ====================================================================
    * The Apache Software License, Version 1.1
    *
  - * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
  + * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
    * reserved.
    *
    * Redistribution and use in source and binary forms, with or without
  @@ -56,13 +56,14 @@
   
   // Java imports
   import java.util.Iterator;
  +
   import javax.servlet.ServletConfig;
   
  -// Jetspeed import
   import org.apache.jetspeed.om.SecurityReference;
   import org.apache.jetspeed.om.profile.Entry;
   import org.apache.jetspeed.om.registry.RegistryEntry;
   import org.apache.jetspeed.om.registry.SecurityEntry;
  +import org.apache.jetspeed.om.security.Group;
   import org.apache.jetspeed.om.security.JetspeedUser;
   import org.apache.jetspeed.om.security.Role;
   import org.apache.jetspeed.portal.Portlet;
  @@ -71,13 +72,12 @@
   import org.apache.jetspeed.services.Registry;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
  +import org.apache.jetspeed.services.security.JetspeedGroupManagement;
   import org.apache.jetspeed.services.security.JetspeedRoleManagement;
   import org.apache.jetspeed.services.security.PortalAccessController;
   import org.apache.jetspeed.services.security.PortalResource;
  -
  -// Turbine imports
  -import org.apache.turbine.services.TurbineBaseService;
   import org.apache.turbine.services.InitializationException;
  +import org.apache.turbine.services.TurbineBaseService;
   
   /**
    * TurbineAccessController
  @@ -267,6 +267,14 @@
                   if (securityEntry.allowsRole((String) role.getName(), action))
                       return true;
               }
  +            
  +			for( Iterator groups = JetspeedGroupManagement.getGroups(user.getUserName()); groups.hasNext();)
  +			{
  +				Group group = (Group) groups.next();
  +				if (securityEntry.allowsGroup((String) group.getName(), action))
  +					return true;
  +			}
  +            
           }
           catch (Exception e)
           {
  
  
  
  1.6       +97 -25    jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/TestAccessController.java
  
  Index: TestAccessController.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/TestAccessController.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- TestAccessController.java	8 Aug 2003 18:28:03 -0000	1.5
  +++ TestAccessController.java	2 Jan 2004 21:20:11 -0000	1.6
  @@ -55,35 +55,34 @@
   package org.apache.jetspeed.services.security.registry;
   
   // Java imports
  +import java.util.Iterator;
   import java.util.Vector;
   
  -// Jetspeed imports
  -import org.apache.jetspeed.test.JetspeedTestCase;
  -import org.apache.jetspeed.om.profile.Entry;
  -import org.apache.jetspeed.om.profile.psml.PsmlEntry;
  +import junit.awtui.TestRunner;
  +import junit.framework.Test;
  +import junit.framework.TestSuite;
  +
   import org.apache.jetspeed.om.BaseSecurityReference;
   import org.apache.jetspeed.om.SecurityReference;
  -import org.apache.jetspeed.om.security.JetspeedUser;
  +import org.apache.jetspeed.om.profile.Entry;
  +import org.apache.jetspeed.om.profile.psml.PsmlEntry;
  +import org.apache.jetspeed.om.registry.RegistryEntry;
  +import org.apache.jetspeed.om.registry.SecurityAccess;
  +import org.apache.jetspeed.om.registry.SecurityAllow;
  +import org.apache.jetspeed.om.registry.SecurityEntry;
   import org.apache.jetspeed.om.registry.base.BaseSecurityAccess;
   import org.apache.jetspeed.om.registry.base.BaseSecurityAllow;
   import org.apache.jetspeed.om.registry.base.BaseSecurityEntry;
  -import org.apache.jetspeed.om.registry.RegistryEntry;
  -import org.apache.jetspeed.om.registry.SecurityEntry;
  -
  -import org.apache.jetspeed.services.JetspeedSecurity;
  +import org.apache.jetspeed.om.security.JetspeedUser;
   import org.apache.jetspeed.services.JetspeedPortalAccessController;
  +import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.Registry;
   import org.apache.jetspeed.services.resources.JetspeedResources;
  +import org.apache.jetspeed.services.security.JetspeedGroupManagement;
   import org.apache.jetspeed.services.security.JetspeedRoleManagement;
  -
  -// Turbine imports
  -import org.apache.turbine.util.TurbineConfig;
  +import org.apache.jetspeed.test.JetspeedTestCase;
   import org.apache.turbine.util.StringUtils;
  -
  -// Junit imports
  -import junit.awtui.TestRunner;
  -import junit.framework.Test;
  -import junit.framework.TestSuite;
  +import org.apache.turbine.util.TurbineConfig;
   
   /**
    * TestAccessController
  @@ -148,11 +147,11 @@
           "org.apache.jetspeed.services.security.registry.RegistryAccessController",
           JetspeedResources.getString("services.PortalAccessController.classname"));
   
  -        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "admin_only", "admin", "*"));
  +        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "admin_only", null, "admin", null, "*"));
           assertNotNull( "Getting admin_only security " , Registry.getEntry( Registry.SECURITY, "admin_only"));
  -        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "user_only", "user", "*"));
  +        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "user_only", null, "user", null, "*"));
           assertNotNull( "Getting user_only security " , Registry.getEntry( Registry.SECURITY, "user_only"));
  -        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "wide_open", null, "*"));
  +        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "wide_open", null, null, null, "*"));
           assertNotNull( "Getting wide_open security " , Registry.getEntry( Registry.SECURITY, "wide_open"));
   
           /*
  @@ -167,7 +166,7 @@
            *   </access>
            * </security-entry>
            */
  -        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "all_users-view_anon", "user", "*"));
  +        Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry( "all_users-view_anon", null, "user", null, "*"));
           assertNotNull( "Getting all_users-view_anon security " , Registry.getEntry( Registry.SECURITY, "all_users-view_anon"));
           SecurityEntry secEntry = (SecurityEntry) Registry.getEntry( Registry.SECURITY, "all_users-view_anon");
           Vector accessVector = secEntry.getAccesses();
  @@ -248,7 +247,78 @@
           assertEquals( "Anonymous user has maximize access to " + USERANON_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, userAnonEntry, "maximize"));
       }
   
  -/*
  +	public void testGroups() throws Exception
  +	{
  +		/*
  +		 * Create a security entry that looks look like the following
  +		 *
  +		 * <security-entry name="powerusers_all-anon_view">
  +		 *   <access action="*">
  +		 *     <allow-if group="powerusers"/>
  +		 * 	   <allow-if role="admin"/>
  +		 *   </access>
  +		 *   <access action="view">
  +		 *     <allow-if role="anon"/>
  +		 *   </access>
  +		 * </security-entry>
  +		 */
  +		
  +		assertEquals( "Using RegistryAccessController",
  +		"org.apache.jetspeed.services.security.registry.RegistryAccessController",
  +		JetspeedResources.getString("services.PortalAccessController.classname"));
  +
  +		SecurityEntry paav = createSecurityEntry( "powerusers_all-anon_view", "powerusers", null, null, "*");
  +		Registry.addEntry(Registry.SECURITY, (RegistryEntry) paav);
  +		assertNotNull( "Getting powerusers_all-anon_view" , Registry.getEntry( Registry.SECURITY, "powerusers_all-anon_view"));
  +		
  +		SecurityEntry secEntry = (SecurityEntry) Registry.getEntry( Registry.SECURITY, "powerusers_all-anon_view");
  +		Vector accessVector = secEntry.getAccesses();
  +		
  +		for (Iterator it = accessVector.iterator(); it.hasNext();)
  +		{
  +			SecurityAccess access = (SecurityAccess) it.next(); 
  +			System.out.println("Action:" + access.getAction().toString());
  +			
  +			Vector allAllows = access.getAllAllows();
  +			for (Iterator it1 = allAllows.iterator(); it1.hasNext();)
  +			{
  +				SecurityAllow allow = (SecurityAllow) it1.next(); 
  +				System.out.println("Allow group: " + allow.getGroup() + ", role: " + allow.getRole() + ", user: " + allow.getUser());				
  +			}
  +		}		
  +		
  +		SecurityReference secRef = new BaseSecurityReference();
  +		secRef.setParent("powerusers_all-anon_view");
  +		Entry adminEntry = createEntry(ADMIN_PORTLET, "ST_01.admin", secRef);
  +				
  +		JetspeedUser turbineUser = (JetspeedUser) JetspeedSecurity.getUser("turbine");
  +		assertNotNull( "Getting turbine user", turbineUser);
  +		turbineUser.setHasLoggedIn(Boolean.TRUE);
  +
  +		try
  +		{
  +			JetspeedGroupManagement.unjoinGroup("turbine", "powerusers");
  +		}
  +		catch (Exception e)
  +		{
  +		}
  +
  +		assertEquals( "Turbine user has no view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry, "view"));
  +		
  +		//Group pug = new BaseJetspeedGroup("powerusers");
  +		//JetspeedGroupManagement.addGroup(pug);
  +		try
  +		{
  +			JetspeedGroupManagement.joinGroup("turbine", "powerusers");
  +		}
  +		catch (Exception e)
  +		{
  +		}
  +		
  +		assertEquals( "Turbine user has view access to " + ADMIN_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry, "view"));
  +	}
  +
  +	/*
        * Setup Turbine environment
        */
       
  @@ -286,13 +356,15 @@
           return entry;
       }
   
  -    private SecurityEntry createSecurityEntry( String name, String role, String action)
  +    private SecurityEntry createSecurityEntry( String name, String group, String role, String user, String action)
       {
           Vector allowVector = null;
  -        if (role != null)
  +        if (role != null || group != null || user != null)
           {
               BaseSecurityAllow allowElement = new BaseSecurityAllow();
               allowElement.setRole(role);
  +            allowElement.setGroup(group);
  +            allowElement.setUser(user);
               allowVector = new Vector();
               allowVector.addElement(allowElement);
           }
  
  
  
  1.15      +4 -0      jakarta-jetspeed/webapp/WEB-INF/conf/registry.xml
  
  Index: registry.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/registry.xml,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- registry.xml	25 Aug 2003 06:18:41 -0000	1.14
  +++ registry.xml	2 Jan 2004 21:20:11 -0000	1.15
  @@ -471,6 +471,10 @@
       <field name="role" type="java.lang.String">
         <bind-xml name="role" node="attribute"/>
       </field>
  +
  +    <field name="group" type="java.lang.String">
  +      <bind-xml name="group" node="attribute"/>
  +    </field>
       
       <field name="user" type="java.lang.String">
         <bind-xml name="user" node="attribute"/>
  
  
  
  1.4       +18 -3     jakarta-jetspeed/webapp/WEB-INF/templates/vm/portlets/html/security-form.vm
  
  Index: security-form.vm
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/templates/vm/portlets/html/security-form.vm,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- security-form.vm	27 Aug 2003 00:56:46 -0000	1.3
  +++ security-form.vm	2 Jan 2004 21:20:11 -0000	1.4
  @@ -153,8 +153,8 @@
   	      	  	#if($allow)
   	      	  	<table>
   	      	  		<tr>
  -	      	  			<td>#if($allow.user)$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_USER #elseif($allow.role)$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_ROLE #else $l10n.REGISTRY_EDITOR_SECURITY_ACCESS_OWNER #end</td>
  -	      	  			<td>#if($allow.user)$allow.user #elseif($allow.role)$allow.role #else &nbsp; #end</td>
  +	      	  			<td>#if($allow.user)$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_USER #elseif($allow.role)$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_ROLE #elseif($allow.group)$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_GROUP #else $l10n.REGISTRY_EDITOR_SECURITY_ACCESS_OWNER #end</td>
  +	      	  			<td>#if($allow.user)$allow.user #elseif($allow.role)$allow.role #elseif($allow.group)$allow.group #else &nbsp; #end</td>
   	      	  		<tr>
   	      	  	</table>
   	      	  	#else
  @@ -176,12 +176,13 @@
   	      	
   	      	var userSelect = new Array;
   	      	var roleSelect = new Array;
  +            var groupSelect = new Array;
   	      	var populated = false;
   	      	
   	      	function populate()
   	      	{	      	
   		      	#foreach($user in $users)
  -		      	#set($myCount = $velocityCount - 1)
  +		      	    #set($myCount = $velocityCount - 1)
   		      		var userOption$myCount = new Option;
   		      		userOption${myCount}.value = "$user.userName";
   		      		userOption${myCount}.text = "$user.userName";
  @@ -197,6 +198,15 @@
   		      		
   		      		roleSelect[$myCount] = roleOption$myCount;
   		      	#end
  +
  +		      	#foreach($group in $groups)
  +		      		#set($myCount = $velocityCount - 1)
  +		      		var groupOption$myCount = new Option;
  +		      		groupOption${myCount}.value = "$group.name";
  +		      		groupOption${myCount}.text = "$group.name";
  +		      		
  +		      		groupSelect[$myCount] = groupOption$myCount;
  +		      	#end
   		      	
   		      	populated = true;
   		}
  @@ -221,6 +231,10 @@
   	      		{
   	      			newOpts = roleSelect;
   	      		}
  +	      		else if(val == "group")
  +	      		{
  +	      			newOpts = groupSelect;
  +	      		}
   	      		
   	      		var select = document.NewSecurity.allow_value;
   	      		
  @@ -258,6 +272,7 @@
   	      	  		<option value="owner">$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_OWNER</option>
   	      	  		<option value="user">$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_USER</option>
   	      	  		<option value="role">$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_ROLE</option>
  +	      	  		<option value="group">$l10n.REGISTRY_EDITOR_SECURITY_ACCESS_GROUP</option>                    
   	      	  	</select>
   	      	  </td>
   	      	</tr>
  
  
  
  1.11      +10 -2     jakarta-jetspeed/xdocs/security.xml
  
  Index: security.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/xdocs/security.xml,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- security.xml	12 Dec 2003 17:54:17 -0000	1.10
  +++ security.xml	2 Jan 2004 21:20:11 -0000	1.11
  @@ -222,7 +222,7 @@
   The default Jetspeed security service stores its security constraints in a Jetspeed registry.
   New security constraints are deployed in to Jetspeed as  XREG files.
   They are standalone, high level registry elements like a portlet-entry. 
  -Constraints list the valid roles and users for the constraint, and the action for which 
  +Constraints list the valid roles, groups and users for the constraint, and the action for which 
   we are allowing (granting) access  on the resource.
   The tables below defines the valid attributes and elements of a security entry:
   </p>
  @@ -278,7 +278,7 @@
   </tr>
   <tr>
   	<td>allow-if</td>
  -	<td>Defines which role will be granted access for the associated action. If not defined, access is denied to everyone for the associated action.</td>
  +	<td>Defines which role/group/user will be granted access for the associated action. If not defined, access is denied to everyone for the associated action.</td>
   </tr>
   <tr>
   	<td>allow-if-owner</td>
  @@ -295,8 +295,16 @@
    <th>Description</th>
   </tr>
   <tr>
  +	<td>user</td>
  +	<td>Defines the security username required for this security constraint.</td>
  +</tr>
  +<tr>
   	<td>role</td>
   	<td>Defines the security role required for this security constraint.</td>
  +</tr>
  +<tr>
  +	<td>group</td>
  +	<td>Defines the security group required for this security constraint.</td>
   </tr>
   </table>
   <br/>
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message